Torvalds has never really been a fan of the vendor-sec list. Vendor-sec is supposed to be a vendor only list that is not publicly available. It's supposed to ensure that vendors will have the time they need to make fixes.
Back in 2005, Torvalds criticized vendor-sec, arguing that delayed disclosure, as is currently done by the vendor-sec list, is broken. He said he strongly believes that users should get updates before a disclosure is made.

The link for this article located at Internet News is no longer available.